Senior Manager – Risk & Compliance IST GRC

Job Description

Job Location: Dubai

The Senior Manager will oversee all regulatory compliance initiatives and assurance activities to safeguard organizational integrity, foster a culture of accountability, and uphold operational excellence.

Responsibilities:

• Develop and champion a multi-year IT risk and compliance roadmap that aligns with the organization&aposs strategic goals and adapts to the evolving information security and privacy landscape.
• Prepare and present executive-level reports and dashboards on key risk indicators (KRIs), program performance (KPIs), and audit outcomes to the leadership team and board.
• Partner with leadership to define, document, and monitor the organization&aposs risk appetite and tolerance levels by conducting risk assessments not limiting to change and product, enterprise technology risk management, asset risk management.
• Oversee all internal and external audits, serving as the primary point of contact for auditors and ensuring all findings are addressed through robust remediation plans.
• Ensure the organization maintains continuous compliance with all relevant regulatory frameworks (e.g., ISO 27001, GDPR, HIPAA, ADHICS).
• Lead the vendor risk management program, providing oversight on all third-party assessments and ensuring contractual safeguards are in place.
• Serve as a key leader in the incident response process, providing strategic guidance during a major security event and ensuring timely communication and resolution.
• Manage the department&aposs pertinent technology stack, and resource allocation to ensure the team is equipped to meet its objectives.
• Mentor and guide the risk and compliance managers, fostering a culture of accountability, continuous learning, and professional growth.
• Drive initiatives to automate and streamline risk and compliance processes to improve efficiency and reduce manual effort.
• Act as an internal consultant, providing expert advice to business units and project teams on risk, security, privacy, and compliance-related matters.
• Oversee the design, implementation, and effectiveness testing of security controls to proactively mitigate identified risks.
• Build and maintain strong relationships with cross-functional teams, including IT, legal, finance, and business operations, to embed IST GRC principles across the organization.

Requirements:

• Bachelors or masters degree in computer information systems, Information Security, or a related discipline.
• Professional certifications such as CISA, CISM, ISO 27001 Lead Auditor/Implementer, or CGEIT are highly desirable.
• 10+ years of experience in GRC, risk management, Data Privacy, compliance, or cybersecurity.
• 2+ years in a leadership role managing risk or compliance teams.
• Information Security Management Systems (ISMS).
• Strong understanding of GRC frameworks (e.g., COSO, NIST, COBIT, ITIL).
• Experience in developing and managing frameworks and assurance programs pertaining to compliance.
• Experience with regulatory compliance across industries, such as healthcare, financial services, or technology.
• Proficiency in GRC software tools and risk management platforms.
• Knowledge of data privacy regulations (GDPR, CCPA) and information security standards